Zero-Day Java Exploit Affects Facebook

After the latest wave of attacks on government, corporate, and social networking organizations, with Twitter the most recent, it appears Facebook has had its share this year as well.

Facebook revealed yesterday that it was hit in January by an unidentified group of hackers; however, no user information was compromised during the attack.

Here is a snippet from the note issued:

Last month, Facebook Security discovered that our systems had been targeted in a sophisticated attack. This attack occurred when a handful of employees visited a mobile developer website that was compromised. The compromised website hosted an exploit which then allowed malware to be installed on these employee laptops. The laptops were fully-patched and running up-to-date anti-virus software. As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day.

It was also said that a zero-day Java exploit was found: following up on the suspicious domains in their logs revealed many vulnerabilities in the Java sandbox. The findings were provided to Oracle, which shipped patch(es) for the specific vulnerabilities found.

The company also stated, “We will continue to work with law enforcement and the other organizations and entities affected by this attack. It is in everyone’s interests for our industry to work together to prevent attacks such as these in the future.”

It was also stated that other websites were affected by this, and that the affected computers at Facebook were fully patched and clean before the attack.